Vulnerability Description
An SQL Injection vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. This vulnerability could be exploited remotely to allow SQL injection.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Hp | Arcsight Enterprise Security Manager | 6.0 |
| Hp | Arcsight Enterprise Security Manager Express | 6.0 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/101627
- https://softwaresupport.hpe.com/km/KM02996760
- https://www.auscert.org.au/bulletins/54166
- http://www.securityfocus.com/bid/101627
- https://softwaresupport.hpe.com/km/KM02996760
- https://www.auscert.org.au/bulletins/54166
FAQ
What is CVE-2017-14356?
CVE-2017-14356 is a vulnerability with a CVSS score of 9.8 (CRITICAL). An SQL Injection vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. This vulnerability could be exploited remotely to allow SQL...
How severe is CVE-2017-14356?
CVE-2017-14356 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2017-14356?
Check the references section above for vendor advisories and patch information. Affected products include: Hp Arcsight Enterprise Security Manager, Hp Arcsight Enterprise Security Manager Express.